Most international companies have adopted a mere wait-and-see approach regarding the compliance with China’s new Cybersecurity Law. Now, the recent investigation against the country’s top social media providers definitely sets off alarm bells – it is time to take compliance with China’s Cybersecurity Law seriously.

In early August, the Cyberspace Administration of China (CAC) has initiated an investigation against three Chinese social media platforms – Tencent Wechat, Sina Weibo and Baidu Tieba – over suspected violations of the Cybersecurity Law. The CAC is looking into whether these service providers have been spreading information which violates national and public security, as well as the social order. Moreover, it remains to be seen if they failed to exercise their management duties over prohibited information disseminated by their users.

The Cybersecurity Law defines “prohibited information” as violent or horrific content, fake rumors, pornographic materials, and any other information which endangers national security, public security or social order. “Prohibited information” also includes information that infringes the reputation, privacy, or intellectual property rights of any person.

This is not the first case of the Cybersecurity Law enforcement. Last month, the authorities investigated and prosecuted a technology company in Chongqing over failing to save the users log data. This company was given a warning and required to “remediate and rectify” within 15 days. At least six further enforcement actions were conducted by local Public Security Bureaus in Beijing, Guangdong, Shanxi, Jiangsu, Zhejiang, and Sichuan against private and state owned enterprises as well as one training and research center. Most violations such as the existence of SQL injection loopholes or failure to implement network security measures were sanctioned by warnings and rectification orders. In one case, a fine of 10.000 RMB was imposed on the institution in question as well as a fine of 5.000 RMB on its legal representative.

Despite the petition of international companies to delay the legislation, China’s Cybersecurity Law has come into effect on June 1st, 2017. In its announcement, the Cyberspace Administration emphasized that it will put serious efforts into the implementation of the Cybersecurity Law, intensify the internet content monitoring, and prosecute the violations.

Unlike similar international laws, it covers basically every industry and uses very vague language, which leaves a lot of confusion regarding its implementation. Furthermore, the Cybersecurity Law is likely to be revised and further tightened through additional regulations in the near future. This makes risk management a vital exercise in compliance with the China’s Cybersecurity Law as international companies have to work through a large amount of uncertainties in adjusting their international operations and organization.